A peek inside the Smoke Malware Loader

The competitive arms race between security vendors and cybercriminals constantly produces new defensive mechanisms, alongside new attack platforms and malicious tools that aim to efficiently exploit and infect as many people as possible.

Continuing the “A peek inside…” series, in this post I will profile yet another malware loader. This time it’s the Smoke Malware Loader.

The Smoke Malware Loader is a modular malware loader that comes with several different modules, depending on how much the customer is willing to spend.

The modular nature of the Smoke Malware Loader allows the seller of the bot to come up with flexible pricing plans, potentially lowering the entry barriers into this market segment. The bot’s password grabbing functionality is a great reminder of why you shouldn’t save your passwords in the browser, as they become susceptible to extraction techniques like the ones used by the Smoke Malware Loader.